BACKGROUND

[0001] Cross Reference to Related Applications; This 
document claims priority to, and incorporates by reference 
all of the subject matter included in the provisional 
patent application filed 02/27/01, entitled OPEN INTERNET 
PROTOCOL SERVICES PLATFORM AND TOPOLOGY FOR USE. 



[0002] The Field Of The Invention; This invention
relates generally to the creation of open Internet
Protocol (IP) management tools and services.
Specifically, the present invention is a network tool that
integrates and performs the functions of multiple network
related services in an Open IP Services Platform, wherein
these services are typically performed by discrete
components.

[0003] Background of the Invention; Access to the
Internet or other global information networks is generally
becoming a commodity as Service Providers (SPs) and Local
Exchange Carriers (LECs) look to new value-added
applications and services in order to retain customers,
attract new business clients, and generate revenue.
Enterprises face a limited supply of certified network
administrators, increased demand for high-bandwidth
network services, and the need to reduce the total cost of
ownership while preserving existing infrastructure
investments.

[0004] Unfortunately, existing solutions for SPs and
LECs fall short in a number of important areas. For
example, most customer-premise equipment (CPE) is not
Telco quality, thus resulting in inconsistent, unreliable
service and problematic service agreements. Next,
integration between network devices from a variety of
vendors is difficult at best. Furthermore, a lack of
extensibility and flexibility makes CPE difficult to
scale. New application services can require a large
upgrade, or at least a visit to the customer to modify or
replace equipment. There are almost always new costs
associated with every new piece of Internet Protocol (IP)
functionality, as well as additional management issues.
Finally, each piece of equipment requires a separate
management interface, preventing network-wide visibility.

[0005] The issues above all combine to prevent delivery
of revenue-generating, differentiated IP services to an
increasingly demanding customer base.

[0006] Current network designs typically require a
discrete piece of equipment for each network function to
be performed. For example, an Enterprise will typically
include network devices that interface with desktop
computers and servers, and connect them to the Internet or
other network. The network devices include servers,
switches, routers, bridges, firewalls, load balancers,
packet shapers, etc. Managing this wide conglomeration of
network devices requires a significant amount of time and
vendor-specific expertise.

[0007] As network requirements expand and change, the
need for specialized network services also changes. For
example, repositioning a single network device within a
network architecture disadvantageously necessitates both
network downtime and a physical presence to make the
changes. It is useful to examine a typical network
configuration for an Enterprise to better understand the
problem.

[0008] Figure 1 is an illustration of a typical network
topology 10 of the prior art. The interface between
desktops 12 and servers 14 to a network, such as the
Internet 16, typically includes network devices or
components such as a router 18, a firewall 20, a packet
shaper 22, and at least one switch, but where two switches
24, 26 are shown in this figure. Another server 28 might
also be part of this interface, when the server is
providing network services such as in an SQL server, DNS
server, Web server, etc.

[0009] Each of the discrete components listed above is
disposed within its own "box." Each box occupies a
certain amount of space, or footprint. Furthermore, each
box must also have its own power supply.

[0010] It would be an advantage over the state of the
art to provide network administrators with a network
architecture and system tools that would provide a
consolidated, flexible, scalable, and less complex
management solution that can be customized according to a
customer's needs. Such a solution should enable network
components, both the hardware and the software, to be
included from any vendor. It would also be an advantage
to decrease the level of complexity of the solution such
that management tasks can be performed by a person with
limited computer network and vendor-specific knowledge.

[0011] In order to assist the network administrator, it
would also be an advantage to provide a plurality of
pre-configured or "canned" network configurations. Thus, for
relatively simple network configurations, the
administrator would not even have to design the network
topology, as long as the available network components
matched the canned network configuration.

[0012] It would also be an advantage over the prior art
to provide a solution where the network configuration can
be modified on the fly. The system should also be capable
of enabling control of the system, if desired, down to
single network port control, or sophisticated enough to
manage all of the network ports as determined by network
conditions.

[0013] It would also be an advantage to provide a
plurality of these systems such that they can be coupled
together in a large network, be it the Internet, or a more
localized WAN or LAN topology. The system should also
enable spare processing capability to be made available
for other applications, without degradation of the network
functions being performed.

[0014] It would also be an advantage to provide third
parties with the ability to have greater control of how
their plug-in hardware or software operates with the
invention by enabling programming of ActiveX modules that
enable components to be dragged and dropped in a control
and management interface into desired network
configurations.

[0015] Security of state of the art network devices is
also a problem because embedded devices typically utilize
a modified version of operating system software. The
modified version is typically scaled down so as to include
limited features. Therefore, it would be an advantage
over the prior art to provide a system that utilizes a
complete Operating System that can take advantage of the
full range of the Operating System's capabilities,
including security features.



[0016] Summary of Invention; It is an object of the
present invention to provide a system that enables
multiple network functions to be performed within a single
device.



[0017] It is another object to provide the system
wherein a single unit can perform any combination of the
functions of a router, bridge, load balancer, firewall,
packet shaper, switch, server, or any other network
devices.

[0018] It is another object to provide the system 
wherein the interconnections between the functions can be 
modified through software. 

[0019] It is another object to provide the system
wherein the interconnections can be modified without
taking the network down to make the changes.

[0020] It is another object to provide the system
wherein a complete Operating System is utilized to thereby
take advantage of all the security features that are
available.

[0021] The present invention is embodied in a system
comprising an Open IP Services Platform that provides any
combination of functions of common network devices such as
routers, bridges, firewalls, packet shapers, switches,
load balancers, and servers in a single device, wherein
the network devices can be provided by any third party,
and are interconnected to function as a network through
management software that enables drag-and-drop
configuration of the network devices, wherein
configuration of the network is performed through software
control and not physical rearrangement, and wherein a
complete Operating System provides full functionality to
the Open IP Services Platform.

[0022] These and other objects, features, advantages 
and alternative aspects of the present invention will 
become apparent to those skilled in the art from a 
consideration of the following detailed description taken 
in combination with the accompanying drawings. 



Description of the drawings: 

[0023] Figure 1 is a block diagram of a typical network
topology of the prior art.

[0024] Figure 2 is a block diagram that is made in
accordance with the principles of the presently preferred
embodiment.

[0025] Figure 3 is a block diagram that explains how
the Open IP Services Platform 30 incorporates a Level 4
switch router at the bottom level, and a general purpose
central processing unit (CPU) 34 at the top level.

[0026] Figure 4 is a block diagram that is provided to 
give greater detail to the configuration of the Open IP 
Services Platform. 

[0027] Figure 5 is a block diagram of the software 
architecture of the present invention. 

[0028] Figure 6 is a block diagram that illustrates the
relationship between virtual NICs and the virtual
interconnect.



[0029] Detailed Description; Reference will now be
made to the details of the invention in which the various
elements of the present invention will be described and
discussed so as to enable one skilled in the art to make
and use the invention. It is to be understood that the
following description is only exemplary of the principles
of the present invention, and should not be viewed as
narrowing the claims which follow.

[0030] The present invention encompasses a range of
improvements that by themselves and in combination are
novel inventions. The fundamental building block of the
invention is a new type of network device (hereinafter
referred to as the "Open IP Services Platform"). The Open
IP Services Platform is capable of functions that are
found in no other device. To understand the advantages of
this Open IP Services Platform, it is helpful to name a
few network devices, and explain how their functions are
all performed by the present invention.

[0031] Typical network components include but are not
limited to routers, bridges, firewalls, packet shapers,
switches, load balancers, and servers. These devices can
all be found on a first side of the router, wherein on the
second side, the router functions as a gateway to networks
such as LAN segments, WANs, and the Internet or other
global information networks. The specific topology of
these networks on the first side of the router can vary
significantly depending upon the needs and functions of
the local network segment. Thus, several of the problems
that the present invention overcomes include 1) the total
number of physical devices that may be required for a
network, 2) the number of wires that must be installed
between the devices, 3) the time required to configure the
devices, 4) the level of knowledge of the person that is
installing the devices, 5) an understanding and memory of
the specific topology that has been set up, and 6) the
ability to reconfigure a topology on-the-fly.

[0032] The presently preferred embodiment of the
invention is able to overcome these problems for several
reasons. First, all of the network devices can be
physically disposed within a single unit, or Open IP
Services Platform. Obviously, there are many obstacles
that must be overcome to do this. For example, the Open
IP Services Platform of the present invention is
constructed to accept network components from third
parties. In other words, it is not a feature of the
present invention to provide these network components,
rather it is an aspect of the invention to provide a
device that can house them in the Open IP Services
Platform. Not only can these network components be
disposed within the Open IP Services Platform, but more
than one type of network component can be housed together.
Essentially, all of the network components listed
previously can be housed within a single unit of the Open
IP Services Platform.

[0033] In order to dispose these network components
together so that they function, several novel elements of
the present invention had to be developed. A first aspect
was a system for configuring the interconnections between
the network components in the Open IP Services Platform.
Consider multiple switches and a packet shaper disposed
within the Open IP Services Platform. The packet shaper
must be coupled to specific ports of the multiple
switches. It is a novel aspect of the invention to
provide a software package, COREVISTA WEB (TM), that
provides configuration control by physically
interconnecting network devices that are stored within the
Open IP Services Platform. Control is provided at what can
be considered to be two levels. The first level of control
enables the user to make specific port assignments if the
system administrator is experienced, while the second
level of control takes specific port assignments out of
the hands of the administrator, and allows the specific
configuration of ports to be left to the configuration
software if the system administrator has only a limited
understanding of network topology.

[0034] It should be mentioned that the software package
for configuration and management of the device is simple
enough to operate that a network specialist does not have
to be brought in to set up the Open IP Services Platform.
This aspect of the invention is made possible because the
interface provides drag-and-drop configuration, as well as
pre-configured loads.

[0035] With this brief introduction, the presently
preferred embodiment of the invention is shown in figure
2. Figure 2 illustrates that all of the network services
provided by individual network components 18, 20, 22, 24,
26, 28 have been replaced by a single Open IP Services
Platform 30. It should be remembered that any or all of
the functions of the network devices described above can
be replaced as desired.

[0036] Figure 3 is a block diagram of the presently
preferred embodiment of the present invention. This
figure is provided to illustrate that the Open IP Services
Platform 30 incorporates a Level 4 switch router 32 at the
bottom level, and a general purpose central processing
unit (CPU) 34 at the top level. It should be mentioned
that while a general purpose CPU is preferred, any type of
specialty CPU can be substituted. The reason for
preferring a general purpose CPU is that it is going to be
more flexible. In other words, the Open IP Services
Platform 30 can do more than just function as a unit for
consolidating network functions if it is given more
processing power and ability to run more programs. These
other capabilities are addressed in a simultaneously filed
application. The drawback is that a specialty CPU can be
faster. However, given the fact that general purpose CPUs
have increased in operation capabilities so rapidly, it is
unlikely that the CPU would be a bottleneck to performance
for most situations where the Open IP Services Platform is
deployed.

[0037] The switch router 32 communicates with the CPU
34 via an internal Peripheral Component Interconnect (PCI)
bus 36. Presently, that translates into a communication
conduit of 240 Mbps between those components 34, 36.
However, the switch router 32 is communicating at wire
speed with network components in levels 2-4.

[0038] It is noted that it would take an OC-3
connection to the Internet for the input to the Open IP
Services Platform 30 to exceed the processing throughput
capabilities of the CPU used in the preferred embodiment.
The OC-3 type of connection is uncommon to most
businesses, and thus the present invention is going to
handle almost all connection scenarios without becoming a
bottleneck.

[0039] Figure 4 is a block diagram that is provided to
give greater detail to the configuration of the Open IP
Services Platform 30. The CPU 34 is preferably a single
board computer (SBC) operating with an INTEL (TM) chipset.
The preferred microprocessor for the SBC 34 is an
INTEL (TM) PENTIUM (TM) III. The SBC 34 communicates with
memory in the form of SDRAM DIMMs 38, and possibly an
array of hard drives/flash drives 40. The hard
drives/flash drives 40 are optional, depending upon the
needs of the network or of the network components being
incorporated into the Open IP Services Platform 30, as
will be explained.

[0040] The switch router 32 is shown coupled to the SBC
34 via the PCI bus 36. The switch router 32 has also been
labeled as a network accelerator to more fully describe
its function. The switch router 32 is shown as providing
the port connections to external networks via the Gigabit
Ethernet Fiber (GBIC) Ports 42, 10/100 Mbps Ethernet (Base
T) Ports 44, PCMCIA Expansion Ports 46, and additional PCI
Expansion Slots 48.

[0041] The PCI Expansion Slots 48 are designed to
receive the hardware of the network function being
installed. In other words, a third party network function
card is installed in one of the PCI Expansion Slots 48,
enabling the Open IP Services Platform 30 to function as a
load balancer, a firewall, etc.

[0042] It is also noted that optional cards 50 can also
be installed into the PCI Expansion Slots 48. These
optional cards can include such functions as OC-3, DSL
modem, T1/E1 termination, and SCSI RAID. Thus it is seen
that the Open IP Services Platform 30 is not fixed in its
configuration or its function.

[0043] Figure 5 is a block diagram of the software
architecture of the present invention. The Operating
System 52 is preferably one that has an open architecture.
This selection of an open architecture OS was made so that
the system administrator is given the ability to modify
the operating system itself, if necessary, in order to
obtain the desired operation of the invention, without
having to depend on others to provide the desired
capabilities.

[0044] Another advantage of utilizing an open
architecture OS is that some users will want to drop their
own software into the Open IP Services Platform 30.
Unfortunately, this flexibility also enables users to
write code that can potentially interfere with the other
functions in the Open IP Services Platform 30.
Advantageously, the complete OS provides memory management
that prevents third party software from jeopardizing the
operation of any other network functions taking place.

[0045] The Open IP Services Platform 30 is also
operated by a multi-tasking operating system. In the
presently preferred embodiment, a stable and secure OS is
desired. The Open IP Services Platform 30 is currently
operated using FreeBSD or Linux. It is also important to
understand that the OS operating within the Open IP
Services Platform 30 is not what is typically referred to
as an embedded OS. An embedded OS is often a smaller and
less capable version of the complete OS. The present
invention utilizes the complete OS so that all
capabilities of the OS are available. These capabilities
include the all-important security features.

[0046] The Operating System 52 executes third party
applications 54, with the global rules 56 including
management, statistics, and Quality of Service flow rules,
and network services rules 58. Network service rules 58
include restrictive flow control, security, a DNS server,
file services, bandwidth metering, a DHCP server, a
firewall, and external service packs.

[0047] The Operating System 52 communicates with the
interface 60 of the SBC 34. This communication is
controlled via policy interface 62. Virtual interconnects
64 handle the translation within the SBC 34 of mapping
virtual NIC instantiations 66 to physical port
instantiations 66.

[0048] Presently, the invention includes two different
system configurations, the ECREACTOR 3000 (TM) and the
ECREACTOR 5000 (TM). There are several common features in
these products including: two Gigabit GBIC Ports 42,
twenty four 10/100 (Base T) Ports 44, a single 733 MHz
PENTIUM (TM) III CPU 34 that is upgradable, 32 MB of RAM
and 32 MB of Flash RAM 38, both upgradable, two USB ports,
one serial port that is optional, and two PC card slots
46, type 2. The devices are different in that there are
two PCI bus slots, and an optional hard drive on the
ECREACTOR 3000 (TM). In contrast, the ECREACTOR 5000 (TM)
includes four PCI bus slots, and comes with two RAID bays
for up to 6 hard drives, and a redundant power supply.
Both systems are configurable via local PC, serial port,
modem, or via a network connection. More control is
possible, however, using a configuration program that
operates in the WINDOWS (TM) environment.

[0049] It is observed that presently both systems run
FreeBSD 4.2 and Linux Kernel 2.2.17 (RedHat 6.2 or 7.0,
Mandrake 6.2) Operating Systems. However, a PC running
any Operating System can communicate with them via Telnet
or a command line interface. But the software
configuration tool, COREVISTA WEB (TM), is currently a
WINDOWS (TM) application.

[0050] Other important statistics of the systems are
that the address table size is 16K IP and 8K IPX addresses
with no per port limits, and more available via aging.
The systems also include an RS-232 console port that
supports remote monitoring and diagnostics via a DB-9
(DTE) connector. Pre-set configurations include, but are
not limited to, internal and external T1, DSL modem,
analog modem, and others. A store-and-forward forwarding
mode is available. Filtering modes are destination-based,
multicast address-based, or port based. 1K virtual LAN
support is also provided.

[0051] Upgrades to the Open IP Services Platform 30 are
also available using the FTP protocol via Flash PROM.
Additional features include port priority, port
aggregation (multi-link), port mirroring for RMON probes,
and link aggregation and redundancy where up to 8 ports
can be configured as a single 800 Mbit link.

[0052] When considering how the present invention is
different from the state of the art, the present invention
hooks the networking functions into a server to make
network functions more seamless. In other words, instead
of just operating as a Network Interface Card (NIC) tied
into a switch or router, the present invention provides
full control over the switch and router functions. This
approach is different from the state of the art because no
one has previously tried to provide this type of interface
that enables a third party to load their own components
into a box providing some type of network function. In
fact, this approach is antithetical to the business model
of any other network function provider. For it is the
desire of suppliers of network functions that the user not
try to add hardware or software components of a third
party into their own box. Obviously, this type of
approach severely limits trying to build a "best of class"
network if a user can only install certain brands of
products when interoperability is a must.

[0053] Thus, the present invention performs the unique
function of being an integrator of network products that
have previously required separate boxes or isolated
operation in order to function. Advantageously, the
present invention does not have to try and provide any of
the network functions themselves, but instead provides a
box that enables network cards performing all manner of
functions to be disposed therein, while providing the
hardware and software to make interconnections between the
different network cards. Thus, even though the present
invention does provide switch/router capabilities, even
these functions can be replaced or enhanced by the
addition of a third party switch or router card.

[0054] Another way to look at the invention is seen by
examining its use of virtual NICs. The virtual NICs
present a standard interface, like a normal driver, up to
the services and stacks above them in the software, so
that the software believes it is communicating with a
normal driver. A novel aspect of the invention is to be
able to dynamically remap a virtual NIC to other
services within the Open IP Services Platform. This means
the data does not have to be serialized/deserialized. This
also gives the present invention the ability to remap to
physical ports down through the bottom end of a networking
stack. Another advantage is the ability to create rules
based on a specific interface. Thus, the use of virtual
NICs provides the invention with the ability to map
process to process.

[0055] Another use of the virtual NICs has to do with
memory allocation. Typically, a pool of memory resides
with the driver. Memory is handed off to other resources
as needed. Memory, in this case a buffer, is eventually
released and given back to a driver. An important aspect
of the invention is to share all of the buffers across all
of the virtual NICs.

[0056] For example, consider a packet of data received
by a router installed in the Open IP Services Platform.
The router would hand down a tag or pointer for data stored
in a buffer to a virtual NIC interface, which would hand
the tag to a firewall. Thus, the data in a buffer is no
longer being transferred or copied from buffer to buffer
as each new process receives the data in the buffer, but
instead the data remains in the same buffer, and control
of the tag to the buffer is what is passed from process to
process. Thus, the Open IP Services Platform becomes very
fast and very efficient in its handling of packets because
the present invention utilizes the virtual NICs or virtual
interconnect that handles buffer data management across
the services, rather than individually. Thus, buffer
management is done globally, but handled at a low level.
Thus, the allocation of memory in the buffer pool is known
at all times because buffer management is being handled
globally.

[0057] To help understand the aspects of the invention
described above, figure 6 is provided to show how virtual
NICs (VNICs) are utilized. Figure 6 shows three services,
A 70, B 72, and C 74. A VNIC is shown coupled to each of
the services, thus providing VNIC A 76, VNIC B 78, and
VNIC C 80. Each of the VNICs is coupled to the virtual
interconnect 82 of the Open IP Services Platform 30. The
services 70, 72, and 74 pass pointers or tags to data
stored in a globally managed memory buffer. By having the
VNICs A 76, B 78 and C 80 pass pointers or tags to each
other instead of having to actually copy the data in the
buffers, overhead is reduced. The ASIC 84 is shown to
explain that the services can be broadly defined. It is
noted that the virtual interconnect 82 can be controlled
by rules that are user defined. The rules determine what
data can be passed to particular services. The virtual
interconnect 82 is also responsible for packet
redirection, or in other words, passing of pointers to the
data in the buffer from one service to another service.
The virtual interconnect 82 can also perform multicast
copying and management. The virtual interconnect 82
becomes a flow mechanism among software instead of a
serialization/deserialization process. The virtual
interconnect 82 is both software and routing between
stacks on the same processor, and it is also hardware in
that the hardware interconnections are configured between
ports.
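
The tag-passing scheme of paragraphs [0054] to [0057], sketched as an added example (not code from the application): one globally managed pool, services that hold only tags, and a rule-checked redirect that moves ownership instead of copying. The function names, pool size, default-deny rule table and the generation counter that invalidates stale tags are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; services A, B, C follow Figure 6. */
enum { SVC_NONE = -1, SVC_A = 0, SVC_B, SVC_C, SVC_COUNT };
enum { POOL_SIZE = 4, BUF_BYTES = 1514 };
enum { VI_OK = 0, VI_ENOBUF = -1, VI_ESTALE = -2, VI_EOWNER = -3, VI_EDENIED = -4 };

typedef struct { uint16_t index; uint16_t gen; } tag_t; /* what services pass */

typedef struct {
    uint8_t  data[BUF_BYTES];
    size_t   len;
    int      owner;  /* service holding the tag, or SVC_NONE when free */
    uint16_t gen;    /* bumped on release so old tags stop resolving */
} buf_t;

static buf_t pool[POOL_SIZE];            /* the single, global buffer pool */
static int   rules[SVC_COUNT][SVC_COUNT]; /* rules[from][to] != 0: allowed */

static int svc_ok(int s) { return s >= 0 && s < SVC_COUNT; }

void vi_init(void) {
    memset(pool, 0, sizeof pool);
    for (int i = 0; i < POOL_SIZE; i++) pool[i].owner = SVC_NONE;
    memset(rules, 0, sizeof rules);      /* default deny */
}

int vi_allow(int from, int to) {
    if (!svc_ok(from) || !svc_ok(to)) return VI_EDENIED;
    rules[from][to] = 1;
    return VI_OK;
}

/* Resolve a tag only if it is current and held by the calling service. */
static int vi_check(tag_t t, int svc, buf_t **out) {
    if (t.index >= POOL_SIZE) return VI_ESTALE;
    buf_t *b = &pool[t.index];
    if (b->gen != t.gen || b->owner == SVC_NONE) return VI_ESTALE;
    if (b->owner != svc) return VI_EOWNER;
    *out = b;
    return VI_OK;
}

/* Ingress: the only place packet bytes are copied. */
int vi_alloc(int svc, const void *pkt, size_t len, tag_t *out) {
    if (!svc_ok(svc) || len > BUF_BYTES) return VI_ENOBUF;
    for (uint16_t i = 0; i < POOL_SIZE; i++) {
        if (pool[i].owner != SVC_NONE) continue;
        memcpy(pool[i].data, pkt, len);
        pool[i].len = len;
        pool[i].owner = svc;
        out->index = i;
        out->gen = pool[i].gen;
        return VI_OK;
    }
    return VI_ENOBUF;
}

/* Packet redirection: ownership of the tag moves, the data stays put. */
int vi_redirect(tag_t t, int from, int to) {
    buf_t *b;
    int rc = vi_check(t, from, &b);
    if (rc != VI_OK) return rc;
    if (!svc_ok(to) || !rules[from][to]) return VI_EDENIED;
    b->owner = to;
    return VI_OK;
}

/* A service may read a buffer only while it holds the tag. */
const uint8_t *vi_data(tag_t t, int svc, size_t *len) {
    buf_t *b;
    if (vi_check(t, svc, &b) != VI_OK) return NULL;
    *len = b->len;
    return b->data;
}

int vi_release(tag_t t, int svc) {
    buf_t *b;
    int rc = vi_check(t, svc, &b);
    if (rc != VI_OK) return rc;
    b->owner = SVC_NONE;
    b->gen++;
    return VI_OK;
}

/* Global management means pool usage can be reported at any time. */
int vi_in_use(void) {
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += (pool[i].owner != SVC_NONE);
    return n;
}

int main(void) {
    tag_t t;
    size_t n = 0;
    vi_init();
    vi_allow(SVC_A, SVC_B);  /* constructed rule: A may feed B only */
    vi_alloc(SVC_A, "constructed packet", 18, &t);
    printf("A->C: %d\n", vi_redirect(t, SVC_A, SVC_C));
    printf("A->B: %d\n", vi_redirect(t, SVC_A, SVC_B));
    printf("A reads after handoff: %s\n",
           vi_data(t, SVC_A, &n) ? "allowed" : "refused");
    printf("buffers in use: %d\n", vi_in_use());
    return vi_release(t, SVC_B) == VI_OK ? 0 : 1;
}
```

Because every access goes through the ownership and generation check, a service that has already handed a tag on, or that keeps a tag after release, cannot read or free a buffer another service now depends on.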

[0058] The virtual interconnect 82 is one of the
aspects of the invention that makes it possible to add
multiple functions to a single processor, but also to work
in the opposite direction. In other words, a single
service can be spread out across multiple processors.
Thus, when a processor determines that it does not have
enough processing power available for a particular
service, a portion of the services can be redirected at
wire speed to another processor.

[0059] An interesting use of this virtual NIC
technology is utilizing it with VLANs. Not only is it
possible to control ports on a port by port basis, the
present invention enables control on a virtual port basis
out through VLANs. Thus, a port in the Open IP Services
Platform can be assigned to a group of services that do
not even have to be present in the Open IP Services
Platform. For example, consider two Open IP Services
Platforms coupled together. The services in a first Open
IP Services Platform can be assigned to a port in a second
Open IP Services Platform. The present invention has thus
added the ability to hook a driver into an application
that maps to an outside port. This is done using the
tagged VLAN mechanism.

[0060] Another aspect of the invention to consider is
the combining of a server and switch. By doing so, the
server has full access to all the data because the server
has all of the protocols. Thus, the switch becomes a full
router, with the ability to process and manipulate the
data. Consider the advantage of being able to serve data
immediately to a port so that the network itself does not
become a bottleneck. For example, a typical network
infrastructure limits speed of data to the 100 Mbit or 1
Gbit data pipes. But by merging the server and the switch
together, data now moves at the speed of the bus in the
server, which can be much greater. Furthermore, providing
multiple system buses within the server provides the
function of scalability by using the Open IP Services
Platform 30.

[0061] One of the novel aspects of the invention is
that because the present invention is not trying to
duplicate the functions of a proprietary firewall, call it
Firewall A, there are no licensing fees to be paid because
Firewall A is purchased and put into the Open IP Services
Platform 30. The Open IP Services Platform 30 thus
provides all of the functionality of Firewall A because it
is the actual Firewall A. Likewise, Load Balancer B is
manufactured by a different company, is purchased, and
disposed within the Open IP Services Platform 30 next to
Firewall A. Firewall A and Load Balancer B now provide
all of their functionality in a single box. All
interconnections between them are provided by the present
invention down to a port-by-port basis.

[0062] Another novel aspect of the invention is that it
prevents exclusivity of function. Suppose that the
manufacturer of Firewall A enters into an exclusive
contract such that it is no longer available for use in
the Open IP Services Platform 30. Advantageously,
Firewall A is removed and Firewall B is put in its slot.
After loading Firewall B's drivers, it is likely that no
other configuration of Firewall B will be required. The
firewall functions will operate as before.

[0063] It is another aspect of the invention that most
network functions can be added into the Open IP Services
Platform 30 without modification. The only requirement is
that the driver for the network function be provided for
the OS that is running on the Open IP Services Platform
30.

[0064] Another aspect of the invention is that the Open
IP Services Platform 30 can communicate at wire speed with
other Open IP Services Platforms. This is advantageous
when, for example, a particular function is not being
performed fast enough in one particular unit. Just one
function can be rerouted at wire speed to another Open IP
Services Platform 30.

[0065] Consider an Open IP Services Platform 30 that is
performing the functions of a server that is providing
FTP, web services, mail services, etc. It is possible to
assign any of the services to different servers (Open IP
Services Platforms 30), at wire speed, to keep performance
at a desired level. The present invention can also
reconfigure the Open IP Services Platform 30 on the fly
such that when certain performance bottlenecks are being
reached, the Open IP Services Platform 30 will reassign
functions as previously defined by the administrator.

[0066] Another feature of the present invention is that
both configurations of the Open IP Services Platform 30
provide keyboard, mouse, and monitor ports. Thus, the
Open IP Services Platform 30 is a full-fledged server that
a developer can work on directly.

[0067] It is observed that the physical dimensions of
the Open IP Services Platform 30 are also industry
standard for use in data centers and other facilities that
use rack mounted equipment. The dimensions vary from a
1U-high to a 3U-high rack-mountable unit.

[0068] Another novel aspect of the invention that
increases versatility is the type of environments in which
the Open IP Services Platform 30 can operate. Small
businesses are often stashing network components into
closets or other tight spaces. This closed environment
typically runs hotter than a room with its own thermostat.
Accordingly, the Open IP Services Platform 30 would
normally run at a higher than optimal temperature.
Another aspect of the invention is to provide a solid
state refrigeration unit. This aspect is especially
important when considering the commercial and industrial
locations where the Open IP Services Platform 30 will be
used. This is also more important for the ECREACTOR
5000(TM) model that includes hard drives. Hard drives are
especially vulnerable to high operating temperatures. The
refrigeration unit can be disposed just on the hard drives
themselves.

[0069] With these features in mind, it is useful to
consider the manner in which the present invention
utilizes them to achieve novel advantages, while observing
that the advantages are available to all of the targeted
core markets of SPs, LECs and Enterprises. First, the
invention provides a consolidated equipment solution.
Managing a wide array of single-function, multi-vendor
network devices creates high installation and management
costs. The present invention consolidates the many
functions performed by the individual network devices.
The equipment consolidation can be partial or total, with
a single device replacing entire racks of physical
equipment. Consolidation of network functions solves a
critical long-term build-out problem in Enterprise IT
rooms, SP data centers, and in LEC central offices where
equipment proliferation often overwhelms available power,
air conditioning or physical space limitations.
Consolidated equipment means that there are fewer
interconnections, fewer cables, and fewer moving parts to
fail, resulting in increased uptime and reduced ongoing
support costs.

[0070] Consolidated network equipment greatly
simplifies installation and ongoing maintenance. The
present invention includes an elegant, intuitive,
centralized management application, COREVISTA WEB(TM),
that enables installation in less than 15 minutes. Thus,
the administrator can deploy units without needing to
complete multiple, vendor-specific, certified training
programs as will be explained. The present invention even
offers self-configuring features on base units.

[0071] The flexible allocation of network resources is
made possible because software is used to make all
connections between network devices installed in the
present invention. Any single port or combination of
virtual or physical ports can be instantly reassigned new
IP services on a port-by-port basis. This enables the
administrator to reconfigure IP services as needs change,
and without taking down any part of the network. This
aspect is especially critical to large Enterprises, and
almost any SP and LEC.

[0072] One of the greatest advantages of the present
invention is the use of open IP standards. Proprietary
technologies are often initially attractive because lower
costs can be achieved for a specific function.
Disadvantageously, however, proprietary technologies often
limit selection of complementary equipment, leaving the
network function isolated and unexpandable. Additionally,
proprietary equipment can preclude the use of certain IP
services completely, and can require an administrator to
provide specialized training for staff. Thus, hidden
costs add up and quickly surpass any initial savings.

[0073] The present invention delivers a truly open
architecture communications platform specifically designed
to enable rapid deployment of "best in class" applications
and value-added services for mission-critical
communications, while preserving existing infrastructure.
The present invention also enables the administrator to
offer any IP service through the Enterprise, SP or LEC.

[0074] Configuring the Open IP Services Platform 30 can
be performed in various ways. To drag and drop icons
representing the network components requires that the
administrator access the Open IP Services Platform using
the COREVISTA WEB(TM) configuration program. In contrast,
access over the web using COREVISTA WEB(TM) enables the
administrator to configure what is already loaded in the
Open IP Services Platform 30, but not to design the
layout. In other words, it enables the administrator to
configure what is already loaded, but not change the
layout.

MORRISS, BATEMAN, O'BRYANT & COMPAGNI
5882 South 900 East, Suite 300
Salt Lake City, Utah 84121
(801) 685-2302

1617.EMCO.NP

[0075] When performing configuration over a network, it
is noted that SSH is provided for a secure and encrypted
configuration session.

[0076] One useful feature is that the configuration can
be stored on and loaded from a PC card. Thus, if an SP or
LEC needs twenty identical Open IP Services Platforms 30,
only one has to be manually configured using the COREVISTA
WEB(TM) configuration program. The configuration is then
stored on a PC card that can be duplicated. The
administrator then only has to insert the PC card into a
non-configured Open IP Services Platform 30, and load the
configuration.

[0077] Both the ECREACTOR 3000(TM) and the ECREACTOR
5000(TM) Open IP Services Platforms include a host of
standard software applications right out of the box.
These software applications include an APACHE(TM) web
server, SQL(TM)-based database management, various drivers
and interfaces for the ports and other hardware, DHCP, an
IPv4 router, network access translation (NAT), a restrictive
flow packet shaper, SNMP, point to point protocol (PPP), a
virtual private network (VPN), a virtual LAN (VLAN), and SSH
tunneling. Some Open IP Services Platforms can also
include a SAMBA server, DNS, a POP mail server, and full
software or hardware RAID functionality.

[0078] The present invention also provides a
standardized interface to all of the network cards that
can be loaded. This interface is SQL-based to enable full
control over access to the network functions. It is also
a function of the invention to provide ActiveX modules for
each network function that is being added. The power of
this feature is that, for example, the ActiveX module can
be input to a spreadsheet. As the network is operating,
the spreadsheet is displaying all of the statistics of
that network function in realtime.

[0079] One of the advantages of the present invention
that may not yet be apparent is that it includes a central
point of configuration control. Each network card has an
associated database and ActiveX component. Thus, two
firewalls can be configured in exactly the same way.
Obviously, each firewall card requires its own unique
driver and instruction set because they are probably
proprietary systems. Surprisingly, both of the firewall
cards can be controlled using the identical ActiveX
component and the same database. The present invention is
able to provide a centralized, standard interface program
that performs the translation between the database and the
firewall cards themselves.

[0080] It was stated previously that the present
invention provides allocation of network resources at the
port, protocol, and IP address level. In other words, it
is possible to control and thus sell IP services on a
port-by-port basis. It is useful to examine several
examples of how this works.

[0081] Consider an office building with four tenants,
A, B, C and D. In a packet shaper that comes with the
ECREACTOR 3000(TM), each of the tenants can be allocated
Internet access by a rule set, trigger point, or manually.
Rule sets are used to allocate resources. For example,
the tenants can share a T1 line equally, where each tenant
is restricted to 300 kb of bandwidth. A trigger point is
used to activate particular rule sets, depending upon the
conditions. Finally, it is possible to manually override
the rule sets and trigger points.

[0082] A first example is when none of the tenants are
restricted in the amount of bandwidth that they can use.
Therefore, tenant A may use 800 kb of bandwidth without
interfering with the other tenants. Then, tenants B, C,
and D all need 200 kb of bandwidth. At this point, the
bandwidth of the T1 is exceeded. A trigger point can be
set so that when bandwidth demand exceeds the maximum
available bandwidth, the tenants are restricted. The rule
set that is activated can divide all the bandwidth
equally, or still favor the heaviest bandwidth user while
reducing the bandwidth to that user.
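
The trigger point and the two rule sets of paragraphs [0081] and [0082], worked through as an added Python example (not code from the application). All names are hypothetical, the 1200 kb usable capacity is an assumption taken from four tenants at 300 kb each, and "favor the heaviest user" is modeled here as max-min fair sharing, which is one possible reading of the text.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

Demand = Dict[str, int]                    # tenant -> requested kb
RuleSet = Callable[[Demand, int], Demand]  # (demand, capacity) -> grants

# Assumption: usable link capacity is 4 tenants x 300 kb, per the text.
LINK_KB = 1200
# Constructed sample demands matching the first example in the text.
QUIET = {"A": 800, "B": 0, "C": 0, "D": 0}
BUSY = {"A": 800, "B": 200, "C": 200, "D": 200}

def unrestricted(demand: Demand, capacity_kb: int) -> Demand:
    """Default rule set: every tenant gets what it asks for."""
    return dict(demand)

def equal_cap(demand: Demand, capacity_kb: int) -> Demand:
    """Divide the link equally: cap each tenant at capacity / n."""
    cap = capacity_kb // len(demand)
    return {t: min(want, cap) for t, want in demand.items()}

def favor_heaviest(demand: Demand, capacity_kb: int) -> Demand:
    """Max-min fair sharing: serve the lightest demands in full and
    give the heaviest user whatever capacity is left (a reduced share)."""
    grants, remaining = {}, capacity_kb
    pending = sorted(demand.items(), key=lambda kv: kv[1])
    while pending:
        fair_share = remaining // len(pending)
        tenant, want = pending.pop(0)
        grants[tenant] = min(want, fair_share)
        remaining -= grants[tenant]
    return grants

@dataclass
class TriggerPoint:
    """Activates rule_set once total demand exceeds link capacity."""
    rule_set: RuleSet

    def fires(self, demand: Demand, capacity_kb: int) -> bool:
        return sum(demand.values()) > capacity_kb

def allocate(demand: Demand, capacity_kb: int, trigger: TriggerPoint,
             override: Optional[RuleSet] = None) -> Demand:
    """Precedence: manual override, then fired trigger, then default."""
    if override is not None:
        return override(demand, capacity_kb)
    if trigger.fires(demand, capacity_kb):
        return trigger.rule_set(demand, capacity_kb)
    return unrestricted(demand, capacity_kb)

if __name__ == "__main__":
    for rules in (equal_cap, favor_heaviest):
        print(rules.__name__, allocate(BUSY, LINK_KB, TriggerPoint(rules)))
```

With the equal-division rule, tenant A drops from 800 kb to 300 kb; with the max-min rule, A is reduced only to the 600 kb that the other three tenants leave unused.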

[0083] Bandwidth can also be allocated according to the
type of activity that is being performed. Thus, activity
can be restricted based on protocol, or the type of
activity that is occurring. Thus, all tenants can be
given unrestricted flow control on e-mail, but restricted
flow on web browsing or FTP.

[0084] It was mentioned that flow control can be
managed down to a single port. For example, there can be
three ports, each port having a unique firewall and flow
control configuration.

[0085] Another situation in which rules and trigger
points are useful is when access is
suddenly restricted to the Open IP Services Platform 30
itself. For example, a cable in the ground is cut by some
construction activity. The Open IP Services Platform 30
can reconfigure itself based on the total available
bandwidth that it sees. Thus, when a T1 line is cut, and
the dial-up access becomes the only way to get out on the
Internet, all users may be severely restricted while
vital services such as email remain enabled. However,
access to web servers behind the Open IP Services Platform
30 from the outside may have to be eliminated to ensure
email access.

[0086] Not only can access to outside networks be
dynamically allocated, but it is also possible to perform
access metering. Thus, if a tenant desires to be charged
only for actual use of access to an outside network, this
can be done.

[0087] It is important to realize that the scenarios
described above are available only because all of the
network functions are disposed within a single box that
can reconfigure itself on the fly.

[0088] The specification above is specifically
addressed to the novel aspects of the hardware and
software integration of third party network cards.
However, it is mentioned that the COREVISTA WEB(TM) is
also considered a novel aspect of the invention, as is the
unique database structure that enables the configuration
software to function with and configure all the third
party network cards that are disposed within the Open IP
Services Platform 30. However, all of the functionality
of these other novel aspects of the invention is not
required for the invention to function. What is important
is that a common SQL database structure be provided that
enables each network function to be controlled thereby.
Regarding the configuration software, it is only necessary
that each network function be controlled by an ActiveX
module that is linked to an SQL database. Thus, a
consistent interface to the actual network cards is
provided. Furthermore, third parties can develop and
deliver their own ActiveX module for their network
component.

[0089] By assigning each ActiveX module to its own SQL
database, each network component is able to have its own
password to its functionality. Therefore, an
administrator can have a unique password for each network
component, thereby allowing access to specific modules
without compromising the entire network configuration.

[0090] The other advantage of SQL databases is that
each module can be controlled by a set of rules. These
rules can be manually triggered, or automatically
triggered by an event. The events can be time-based or
triggered by network conditions. Likewise, bandwidth
usage can be restricted when the demands outstrip the
available supply. These events can even trigger a call for
help to a system administrator or to another designated
party.

[0091] This flexibility in control of the aspects of
the Open IP Services Platform enables unprecedented
opportunities. For example, a business can provide
Internet access to any other business in a building, thus
operating as a mini-Internet Service Provider (ISP).
Bandwidth can be doled out in any desired increments to
users. The bandwidth can even be controlled down to the
port on a switch.

[0092] It is to be understood that the above-described
arrangements are only illustrative of the application of
the principles of the present invention. Numerous
modifications and alternative arrangements may be devised
by those skilled in the art without departing from the
spirit and scope of the present invention. The appended
claims are intended to cover such modifications and
arrangements.